authorAndrey Andreev <narf@devilix.net>2016-03-11 20:04:43 +0100
committerAndrey Andreev <narf@devilix.net>2016-03-11 20:04:43 +0100
commita190d78a0238a0a6abd463823321bef15713e312 (patch)
treea4e49327f8e6ca1660018cebf3b06131ae3e5faf /system/libraries/Profiler.php
parent3b74f57cfa6c43eab4c7cce440a454d095974a45 (diff)
parent4f9b20ae507dda7379d392386fb7ce5702626a91 (diff)
Merge branch '3.0-stable' into develop
Resolved conflicts: system/core/CodeIgniter.php user_guide_src/source/changelog.rst user_guide_src/source/conf.py user_guide_src/source/installation/downloads.rst user_guide_src/source/installation/upgrading.rst
Diffstat (limited to 'system/libraries/Profiler.php')
-rw-r--r--system/libraries/Profiler.php44
1 files changed, 18 insertions, 26 deletions
diff --git a/system/libraries/Profiler.php b/system/libraries/Profiler.php
index cc7641436..cf455d3da 100644
--- a/system/libraries/Profiler.php
+++ b/system/libraries/Profiler.php
@@ -314,12 +314,14 @@ class CI_Profiler {
foreach ($_GET as $key => $val)
{
- is_int($key) OR $key = "'".$key."'";
+ is_int($key) OR $key = "'".htmlspecialchars($key, ENT_QUOTES, config_item('charset'))."'";
+ $val = (is_array($val) OR is_object($val))
+ ? '<pre>'.htmlspecialchars(print_r($val, TRUE), ENT_QUOTES, config_item('charset'))
+ : htmlspecialchars($val, ENT_QUOTES, config_item('charset'));
$output .= '<tr><td style="width:50%;color:#000;background-color:#ddd;padding:5px;">&#36;_GET['
.$key.']&nbsp;&nbsp; </td><td style="width:50%;padding:5px;color:#cd6e00;font-weight:normal;background-color:#ddd;">'
- .((is_array($val) OR is_object($val)) ? '<pre>'.htmlspecialchars(stripslashes(print_r($val, TRUE))).'</pre>' : htmlspecialchars(stripslashes($val)))
- ."</td></tr>\n";
+ .$val."</td></tr>\n";
}
$output .= "</table>\n";
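Review bot: The `<pre>` opened in the array/object branch of the new `$val` ternary is never closed: the removed line appended `.'</pre>'` and the added one does not, so an array-valued `$_GET` entry leaves an open `<pre>` that runs into the rest of the profiler table. Close it in the same expression, `? '<pre>'.htmlspecialchars(print_r($val, TRUE), ENT_QUOTES, config_item('charset')).'</pre>'`. The same omission appears in the `$_POST` and `$_FILES` loops of the next hunk. The enclosing method starts and ends outside this hunk.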
@@ -352,36 +354,26 @@ class CI_Profiler {
foreach ($_POST as $key => $val)
{
- is_int($key) OR $key = "'".$key."'";
+ is_int($key) OR $key = "'".htmlspecialchars($key, ENT_QUOTES, config_item('charset'))."'";
+ $val = (is_array($val) OR is_object($val))
+ ? '<pre>'.htmlspecialchars(print_r($val, TRUE), ENT_QUOTES, config_item('charset'))
+ : htmlspecialchars($val, ENT_QUOTES, config_item('charset'));
$output .= '<tr><td style="width:50%;padding:5px;color:#000;background-color:#ddd;">&#36;_POST['
- .$key.']&nbsp;&nbsp; </td><td style="width:50%;padding:5px;color:#009900;font-weight:normal;background-color:#ddd;">';
-
- if (is_array($val) OR is_object($val))
- {
- $output .= '<pre>'.htmlspecialchars(stripslashes(print_r($val, TRUE))).'</pre>';
- }
- else
- {
- $output .= htmlspecialchars(stripslashes($val));
- }
-
- $output .= "</td></tr>\n";
+ .$key.']&nbsp;&nbsp; </td><td style="width:50%;padding:5px;color:#009900;font-weight:normal;background-color:#ddd;">'
+ .$val."</td></tr>\n";
}
foreach ($_FILES as $key => $val)
{
- is_int($key) OR $key = "'".$key."'";
+ is_int($key) OR $key = "'".htmlspecialchars($key, ENT_QUOTES, config_item('charset'))."'";
+ $val = (is_array($val) OR is_object($val))
+ ? '<pre>'.htmlspecialchars(print_r($val, TRUE), ENT_QUOTES, config_item('charset'))
+ : htmlspecialchars($val, ENT_QUOTES, config_item('charset'));
$output .= '<tr><td style="width:50%;padding:5px;color:#000;background-color:#ddd;">&#36;_FILES['
- .$key.']&nbsp;&nbsp; </td><td style="width:50%;padding:5px;color:#009900;font-weight:normal;background-color:#ddd;">';
-
- if (is_array($val) OR is_object($val))
- {
- $output .= '<pre>'.htmlspecialchars(stripslashes(print_r($val, TRUE))).'</pre>';
- }
-
- $output .= "</td></tr>\n";
+ .$key.']&nbsp;&nbsp; </td><td style="width:50%;padding:5px;color:#009900;font-weight:normal;background-color:#ddd;">'
+ .$val."</td></tr>\n";
}
$output .= "</table>\n";
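Review bot: The key-quoting and value-escaping lines are now repeated verbatim in the `$_GET`, `$_POST` and `$_FILES` loops, so any later change to the flags or charset argument has to be made in three places, and a missed copy leaves one table escaping differently from the others. A small private helper on `CI_Profiler` that takes the raw value and returns the escaped cell content would reduce each loop to one call, for example `$val = $this->_escape_cell($val);` (the helper name is only a suggestion). In the `$_FILES` loop the scalar branch of the ternary looks unreachable, since PHP normally populates each entry as an array; a one-line comment saying so would help the next reader. Both loops sit in a method whose start and end are outside the hunk.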
@@ -465,7 +457,7 @@ class CI_Profiler {
foreach (array('HTTP_ACCEPT', 'HTTP_USER_AGENT', 'HTTP_CONNECTION', 'SERVER_PORT', 'SERVER_NAME', 'REMOTE_ADDR', 'SERVER_SOFTWARE', 'HTTP_ACCEPT_LANGUAGE', 'SCRIPT_NAME', 'REQUEST_METHOD',' HTTP_HOST', 'REMOTE_HOST', 'CONTENT_TYPE', 'SERVER_PROTOCOL', 'QUERY_STRING', 'HTTP_ACCEPT_ENCODING', 'HTTP_X_FORWARDED_FOR', 'HTTP_DNT') as $header)
{
- $val = isset($_SERVER[$header]) ? $_SERVER[$header] : '';
+ $val = isset($_SERVER[$header]) ? htmlspecialchars($_SERVER[$header], ENT_QUOTES, config_item('charset')) : '';
$output .= '<tr><td style="vertical-align:top;width:50%;padding:5px;color:#900;background-color:#ddd;">'
.$header.'&nbsp;&nbsp;</td><td style="width:50%;padding:5px;color:#000;background-color:#ddd;">'.$val."</td></tr>\n";
}
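Review bot: The header list on the `foreach` line contains `' HTTP_HOST'` with a leading space inside the quotes, so `isset($_SERVER[$header])` can never be true for that entry and the Host header, a client-controlled value that is useful to see when debugging, always renders as an empty cell. The entry should read `'HTTP_HOST'`. The escaping added to `$val` is appropriate for the cell, and `$header` itself comes only from this fixed list, so it needs none. The loop's enclosing method lies outside the hunk.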